1  Introduction

In this paper we present a decidability result for a quantified theory of sets involving
the boolean predicate is_finite. We also show a technique which, under certain
conditions, allows the elimination of quantifiers from a given formula. So far many
unquantified theories have been shown to be decidable and decision algorithms have
been given for them (see for example [2]-[10] and [12]). Thus this procedure allows one to lift
to the quantified case several decidability results concerning unquantified sublanguages.
Related results for quantified theories are also given in [11] and [12]. For all the definitions
and basic properties in set theory we refer to [1].

2  The  predicate  is_finite 

Let $T$ be the quantifier-free theory in the language $\emptyset, =, \in, \mathit{is\_finite}$, where the constant $\emptyset$
represents the empty set and the predicate $\mathit{is\_finite}(x)$ is true if and only if $x$ represents
a finite set.

DEFINITION 2.1 A prenex formula on the theory $T$ is a formula of the form

$$Q_1 Q_2 \cdots Q_n \phi$$

where:

(a) $\phi$ is a boolean combination of literals of type $x \in y$, $x = y$, $\mathit{is\_finite}(x)$;

(b) the $Q_i$'s are restricted quantifiers either all of the form $\exists x_i \in y_i$, or all of the form $\forall x_i \in y_i$;

(c) no $x_i$ is a $y_j$, for any $i, j = 1, \ldots, n$.

DEFINITION 2.2 (i) By SPF(T) we denote the class of simple prenex formulae of
the theory $T$.

(ii) By SPF*(T) we denote the subclass of SPF(T) consisting of those formulae in
which the predicate is_finite can apply only to free variables.

(iii) By SPF1(T) we denote the subclass of SPF*(T) consisting of those formulae in
which the relation = never applies to pairs of bounded variables.

This paper solves the decision problem for the class of formulae SPF1(T). Namely,
let $\Phi$ be a conjunction of formulae of SPF1(T) and let $V = \{y_1, \ldots, y_n\}$ be the set of free
variables occurring in $\Phi$. Also, let $V_0 = V \cup \{\emptyset\}$.

THEOREM 2.3 Let $D$ and $F$ be two collections of set variables such that $|D| \le n^2 - n$
and $|F| \le n$. Let $W = V_0 \cup D \cup F$ and let $\Psi$ be the formula obtained from $\Phi$ by recursively
replacing each formula $(\forall x \in y)\phi$ with the set of formulae $\{((x \in y) \rightarrow \phi)^{x}_{t} \mid t \in W\}$ until
no universal quantifiers are left. Then $\Phi$ is injectively satisfiable if and only if there exist

• a set $Q$ of membership and inequality relations on the elements of $W$ and assignments
of truth values to the predicate is_finite ranging on $V_0$, such that

— for each $x, y$ in $W$ either $x \in y$ or $x \notin y$ is in $Q$,

— for each $x, y$ in $W$, $x \neq y$ is in $Q$, and

— for each $x \in V_0$ either $\mathit{is\_finite}(x)$ or $\neg\mathit{is\_finite}(x)$ is in $Q$.

• a disjunct $\Psi'$ of a disjunctive normal form of $\Psi$

such that

1. $\Psi' \wedge Q$ does not contain any explicit contradiction of the form $x \neq x$, or $x = y \wedge x \neq y$,
or $x \in y \wedge x \notin y$, or $\mathit{is\_finite}(x) \wedge \neg\mathit{is\_finite}(x)$;

2. $Q$ does not contain any cycle of memberships $x_0 \in x_1 \in \cdots \in x_h \in x_0$;

3. for each $y_i, y_j$ in $V$ either $y_i = y_j$ or there exists $d$ in $W$ such that either $d \in y_i \wedge d \notin y_j$
or $d \in y_j \wedge d \notin y_i$ are in $Q$;

4. for each $z$ in $W$, $z \notin \emptyset$ is in $Q$;

5. for each $y$ in $V$, $\neg\mathit{is\_finite}(y)$ is in $Q$ if and only if there exists $f$ in $F$ such that
$f \in y$ is in $Q$.

Proof: ($\Rightarrow$) Let us suppose that $\Phi$ has a model $M$, such that $M\emptyset = \emptyset$. Then for each
$y \in V$, if $My$ is finite put $\mathit{is\_finite}(y)$ in $Q$, otherwise put $\neg\mathit{is\_finite}(y)$ in $Q$. Put also
$\mathit{is\_finite}(\emptyset)$ in $Q$. Let $A$ be a minimal set which intersects all nonempty sets of the form

$$(Mx \setminus My) \setminus \{Mz \mid z \text{ in } V_0\}$$

with $x, y$ ranging over $V_0$. For each $a \in A$ introduce a new variable $z_a$ and put $Mz_a = a$.
Let $D = \{z_a \mid a \in A\}$. Clearly $|D| \le n^2 - n$.

Let $B$ be a minimal set which intersects all the infinite sets of the form

$$My \setminus \{Mz \mid z \text{ in } V \cup D\},$$

for $y$ in $V$, and which has empty intersection with all the finite sets $My'$, with $y'$ in $V$.
For each $b$ in $B$, introduce a new variable $f_b$ and put $Mf_b = b$. Let $F$ be the set of these
newly introduced variables. Then clearly $|F| \le n$.

Finally for each pair of variables in $V_0 \cup D \cup F$, say $z_1$ and $z_2$, if $Mz_1 \in Mz_2$ put
$z_1 \in z_2$ in $Q$, else put $z_1 \notin z_2$ in $Q$. Let then $\Psi$ be a formula obtained from $\Phi$ as described
in the statement of the theorem.

LEMMA 2.4 $M$ satisfies $\Psi$.

Proof. Let $C$ be a conjunct in $\Psi$. Then $C$ is logically equivalent to a formula of type

$$(w_{i_1} \in y_{i_1} \wedge \cdots \wedge w_{i_s} \in y_{i_s}) \rightarrow \phi^{x_{i_1},\ldots,x_{i_s}}_{w_{i_1},\ldots,w_{i_s}},$$

for some conjunct $(\forall x_{i_1} \in y_{i_1}) \cdots (\forall x_{i_s} \in y_{i_s})\phi$ in $\Phi$. If $Mw_{i_j} \notin My_{i_j}$, for some $j = 1, \ldots, s$,
then $C$ is vacuously satisfied by $M$. On the other hand, if $Mw_{i_j} \in My_{i_j}$ for
all $j = 1, \ldots, s$, then since $M$ satisfies $(\forall x_{i_1} \in y_{i_1}) \cdots (\forall x_{i_s} \in y_{i_s})\phi$, it clearly satisfies
$\phi^{x_{i_1},\ldots,x_{i_s}}_{w_{i_1},\ldots,w_{i_s}}$ also. $\blacksquare$

Let us transform $\Psi$ into disjunctive normal form and let $\Psi'$ be a disjunct satisfied by
$M$. Since $M$ satisfies $\Psi'$ and $Q$, from the very construction of $Q$ it follows that conditions
1-5 hold.

($\Leftarrow$) Conversely, assume that there exist $D$, $F$, $Q$, $\Psi'$ such that conditions 1-6 are satisfied.

For  every  set  s  we  define  inductively 

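Let $<$ be a total ordering of $W$ such that

• $\emptyset$ is the minimum of $<$;

• if $x \in y$ is in $Q$ then $x < y$.

Notice that conditions 1-5 assure that such an ordering always exists.

Let $\{i_x \mid x \text{ in } W \setminus V_0\}$ and $\{j_f \mid f \text{ in } F\}$ be two, respectively $O(n^2)$ and $O(n)$, collections
of pairwise distinct, finite sets such that all the $i_x$'s have the same rank $\rho$ and cardinality
$\gamma > n^2 + 1$ and all the $j_f$'s have the same rank $\rho' > \rho + n^2$ and cardinality $\gamma' > \gamma$.

Following the ordering $<$ of variables, we put for all $x$ in $W$:

$$Mx = I_x \cup F_x \cup \{Mx' \mid x' \in x \text{ is in } Q,\ x' \text{ in } W\} \qquad (1)$$

where:

$$I_x = \begin{cases} \emptyset & \text{if } x \text{ is in } V_0 \\ \{i_x\} & \text{if } x \text{ is in } W \setminus V_0 \end{cases}$$

$$F_x = \begin{cases} \emptyset & \text{if } f \notin x \text{ is in } Q \text{ for all } f \text{ in } F \\ \{j_f^{(h)} \cup Mf \mid h \ge 1,\ f \text{ in } F,\ f \in x \text{ in } Q\} & \text{otherwise} \end{cases}$$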


LEMMA 2.5 For all $z \in W$, $f \in F$, $h \ge 0$, the following assertions are true

(i) $Mz \neq i_x, j_f$, for all $x \in D \cup F$.

(ii) $Mz \neq j_f^{(h)}$.

(iii) $Mz \neq j_f^{(h)} \cup Mf$.

Proof. (i) If $F_z \neq \emptyset$, then $|Mz| \ge \omega$. On the other hand if $F_z = \emptyset$ then $f \notin z$ is in $Q$ for
all $f$ in $F$ so that

$$|Mz| < 1 + |W \setminus F| = 1 + |V_0| + |D| = 1 + n + 1 + n^2 - n = n^2 + 2.$$

Therefore either $|Mz| \ge \omega$ or $|Mz| < n^2 + 2$ and in any case $Mz \neq i_x$ and $Mz \neq j_f$,
since $n^2 + 3 < |i_x| < |j_f| < \omega$.

(ii) The case in which $h = 0$ has already been considered in (i). We can therefore
suppose $h \ge 1$. We distinguish two cases according to whether there is a chain of
membership relations $f' \in z_{i_1} \in \cdots \in z_{i_k} \in z$, with $k \ge 0$ and $f' \in F$, or not. In the
first case, it follows easily that $\mathit{rank}(Mz) \ge \omega$. In the second case it can be proved
by induction that $\mathit{rank}(Mz) < \rho + h_z + 1$ where $h_z$ is the length of a longest chain of
membership relations ending in $z$. Thus $h_z < |W \setminus F|$, which in turn implies $\mathit{rank}(Mz) < \rho + n^2 + 2$.
In any case $Mz \neq j_f^{(h)}$, since $\rho + n^2 + 2 + h < \mathit{rank}(j_f^{(h)}) < \omega$ for all $h \ge 1$, $f \in F$.

(iii) Assume by contradiction that $Mz = j_f^{(h)} \cup Mf$, for some $z$ in $W$, $f$ in $F$, and
$h \ge 1$. Then $j_f^{(h-1)} \in Mz$. Notice that $j_f^{(h-1)} \notin I_z$ since if $I_z \neq \emptyset$ then $\mathit{rank}(j_f^{(h-1)}) =
\rho' + (h - 1) > \rho = \mathit{rank}(i_z)$. In addition, by (ii), $j_f^{(h-1)} \notin \{Mz' \mid z' \in z \text{ is in } Q,\ z' \text{ in } W\}$.
Therefore, if $Mz = j_f^{(h)} \cup Mf$, by (1) we necessarily must have $j_f^{(h-1)} \in F_z \neq \emptyset$, i.e.,
$j_f^{(h-1)} = j_g^{(k)}$, for some $k \ge 1$ and $g$ in $F$ such that $g \in z$ is in $Q$. We will show below that
this is impossible, therefore proving that $Mz \neq j_f^{(h)} \cup Mf$, for all $z$ in $W$, $f$ in $F$, $h \ge 1$.
Indeed, if $j_f^{(h-1)} = j_g^{(k)}$ then from the definition of the $j_{f'}$'s, $f'$ in $F$, we must have $f = g$
and $k = h - 1$. But then $f \in z$ would be in $Q$ and $j_f^{(h)} \cup Mf \in Mz$, i.e., $Mz \in Mz$,
which contradicts the well-foundedness of sets. $\blacksquare$


LEMMA 2.6 For all $w_1, w_2$ in $W$

(i) if $w_1 \neq w_2$ then $Mw_1 \neq Mw_2$;

(ii) $w_1 \in w_2$ is in $Q$ if and only if $Mw_1 \in Mw_2$.

Proof. (i) Let $w_1 \neq w_2$. Suppose first that $w_1, w_2$ are in $V_0$. Let $\mathit{height}_Q(w)$ be the
length of a longest chain of membership relations in $Q$ ending in $w$. We will proceed by
induction on $\max(\mathit{height}_Q(w_1), \mathit{height}_Q(w_2))$. If $\max(\mathit{height}_Q(w_1), \mathit{height}_Q(w_2)) = 0$,
then by condition 3 of the theorem $w_1 = w_2$, which shows that the base case of the
induction is vacuously true. Concerning the inductive step, assume by contradiction that
$Mw_1 = Mw_2$. From condition 3 of the theorem, it follows that there exists a variable $d$
in $W$ such that either $d \in w_1 \wedge d \notin w_2$ is in $Q$, or $d \notin w_1 \wedge d \in w_2$ is in $Q$. Suppose for
definiteness that $d \in w_1$ and $d \notin w_2$ are in $Q$. The definition (1) of the model $M$ implies
that $Md \in Mw_1$. Thus our initial assumption yields $Md \in Mw_2$, which by (i) and (iii)
of the preceding lemma implies $Md = Md'$ for some variable $d'$ in $W$ for which $d' \in w_2$
is in $Q$. But $\max(\mathit{height}_Q(d), \mathit{height}_Q(d')) < \max(\mathit{height}_Q(w_1), \mathit{height}_Q(w_2))$. Hence
by induction $d = d'$ and consequently both $d \in w_2$ and $d \notin w_2$ are in $Q$, contradicting
condition 1 of the theorem. Thus (i) is proved.

(ii) If $w_1 \in w_2$ is in $Q$ then from the definition (1) of the assignment $M$ it follows
that $Mw_1 \in Mw_2$. Conversely, assume that $Mw_1 \in Mw_2$. From Lemma 2.5, it follows
that $Mw_1 \notin I_{w_2} \cup F_{w_2}$. Therefore $Mw_1 = Mw_1'$ for some $w_1'$ in $W$ such that $w_1' \in w_2$ is
in $Q$. Thus from (i) $w_1 = w_1'$, i.e. $w_1 \in w_2$ is in $Q$. $\blacksquare$


LEMMA 2.7 The following assertions are true for all $h \ge 1$, $f$ in $F$, $x$ in $W$:
(i) $(j_f^{(h)} \cup Mf) \in Mx$ if and only if $Mf \in Mx$;
(ii) $Mx \in (j_f^{(h)} \cup Mf)$ if and only if $Mx \in Mf$;

Proof. (i) Let $(j_f^{(h)} \cup Mf) \in Mx$, for some $f$ in $F$, $x$ in $W$ and $h \ge 1$. From (1),
the definition of the $i_x$'s and $j_f$'s, and Lemma 2.5 it follows that $j_f^{(h)} \cup Mf = j_g^{(k)} \cup Mg$
for some $g$ in $W$ such that $g \in x$ is in $Q$. We will show that $f = g$, thus proving that
$f \in x$ is in $Q$ and in turn by Lemma 2.6(ii) that $Mf \in Mx$. We have $j_f^{(h-1)} \in j_g^{(k)} \cup Mg$.

We show that $j_f^{(h-1)} \in j_g^{(k)}$. Indeed if $j_f^{(h-1)} \in Mg$, then as above, $j_f^{(h-1)} = j_{g'}^{(k')} \cup Mg'$,
for some $g'$ in $W$ such that $g' \in g$ is in $Q$, and for some $k' \ge 1$. But by Lemma
2.5(ii) $|j_{g'}^{(k')} \cup Mg'| \ge 2$, thus $h = 1$, i.e., $j_f^{(h-1)} = j_f$. This is a contradiction since
$\mathit{rank}(j_f) = \mathit{rank}(j_{g'}) < \mathit{rank}(j_{g'}^{(k')}) < \mathit{rank}(j_{g'}^{(k')} \cup Mg')$. Having proved that $j_f^{(h-1)} \in j_g^{(k)}$,
from the definition of the $j$'s it follows that $f = g$ (and $h = k$).

Conversely, assume that $Mf \in Mx$. Then the preceding lemma yields that $f \in x$ is
in $Q$ which by (1) in turn implies that $(j_f^{(h)} \cup Mf) \in Mx$, for all $h \ge 1$.

(ii) In order to prove (ii) it is enough to show that $Mx \notin j_f^{(h)}$ for all $f$ in $F$ and $h \ge 1$.
But this follows immediately from Lemma 2.5(ii), since if $Mx \in j_f^{(h)}$ then we would have
$Mx = j_f^{(h-1)}$ which is a contradiction. $\blacksquare$

LEMMA 2.8 $M$ is a model for $\Psi'$.

Proof: Notice that by condition 1 of the theorem:

- if $x \in y$ (resp. $x \notin y$) is in $\Psi'$ then $x \in y$ (resp. $x \notin y$) is in $Q$;

- if $x = y$ is in $\Psi'$ then $x = y$;

- if $x \neq y$ is in $\Psi'$ then $x \neq y$ is in $Q$;

- if $\mathit{is\_finite}(x)$ (resp. $\neg\mathit{is\_finite}(x)$) is in $\Psi'$ then $\mathit{is\_finite}(x)$ (resp. $\neg\mathit{is\_finite}(x)$)
is in $Q$.

Thus in view of Lemma 2.6, in order to show that $M$ models correctly every conjunct of
$\Psi'$ it is enough to show that if $\mathit{is\_finite}(x)$ (resp. $\neg\mathit{is\_finite}(x)$) is in $\Psi'$, then $|Mx| < \omega$
(resp. $|Mx| \ge \omega$). But if $\mathit{is\_finite}(x)$ is in $\Psi'$ then from conditions 1,5 of the theorem
and the definition of $Q$ it follows that $F_x = \emptyset$, so that, by (1), $|Mx| = |I_x \cup \{Mx' \mid x' \in
x \text{ in } Q\}| < \omega$. And also, if $\neg\mathit{is\_finite}(x)$ is in $\Psi'$, then again from conditions 1,5
of the theorem it follows that $\{j_f^{(h)} \cup Mf \mid h \ge 1\} \subseteq F_x$, for some $f$ in $F$. Therefore

Now we are ready to show that $M$, as defined from (1), satisfies $\Phi$. Since all unquantified
conjuncts of $\Phi$ are also present in $\Psi'$, we only need to prove that $M$ satisfies all
conjuncts in $\Phi$ of the form

$$(\forall x_1 \in y_{i_1}) \cdots (\forall x_k \in y_{i_k})\phi \qquad (2)$$

where $y_{i_1}, \ldots, y_{i_k}$ are in $V$ and $\phi$ is an unquantified formula of $T$. To show that $M$
satisfies (2) we must prove that for all $s_1 \in My_{i_1}, \ldots, s_k \in My_{i_k}$, the assignment
$M[x_1/s_1] \cdots [x_k/s_k]$$^1$ satisfies $\phi$.
Let

$$s_j^{(0)} = \begin{cases} s_j & \text{if } s_j \in \{Mz \mid z \in y_{i_j} \text{ is in } Q\} \\ Mf & \text{if } s_j = j_f^{(h)} \cup Mf \text{ for some } h \ge 1,\ f \text{ in } F \text{ such that } f \in y_{i_j} \text{ is in } Q. \end{cases}$$

Thus $s_j^{(0)} = Mz_j$ for some $z_1, \ldots, z_k$ in $W$. Since $M$ satisfies $\Psi'$ (cf. Lemma
2.8), it follows that $M$ satisfies $\Psi$ too. Consequently, since $Mz_j \in My_{i_j}$, for all $j =
1, \ldots, k$, $M$ satisfies $\phi^{x_1,\ldots,x_k}_{z_1,\ldots,z_k}$. Let $\ell$ be any literal in $\phi$. From our assumption that $\phi$
belongs to the class SPF1(T) it follows that $\ell$ can be neither of type $x_i = x_j$ nor
of type $x_i \neq x_j$. By considering all remaining possibilities for the literal $\ell$, Lemma
2.7 yields $M[x_1/s_1] \cdots [x_k/s_k](\ell) = M[x_1/s_1^{(0)}] \cdots [x_k/s_k^{(0)}](\ell) = M(\ell^{x_1,\ldots,x_k}_{z_1,\ldots,z_k})$. Therefore
$M[x_1/s_1] \cdots [x_k/s_k](\phi) = M(\phi^{x_1,\ldots,x_k}_{z_1,\ldots,z_k}) = \mathit{true}$. For the arbitrariness of $s_1 \in My_{i_1}, \ldots, s_k \in
My_{i_k}$, this in turn implies that $M$ satisfies (2), concluding the proof of the theorem. $\blacksquare$

Remark. Notice that the preceding algorithm fails to detect unsatisfiability of certain
conjunctions of formulae of SPF*(T). Consider for example the formula

$$\neg\mathit{is\_finite}(y) \wedge (\forall x_1 \in y)(\forall x_2 \in y)(x_1 = x_2)$$

which is clearly unsatisfiable. It is quite easy to see that by choosing $D = \emptyset$, $F = \{f\}$, $Q =
\{f \in y,\ f \notin \emptyset,\ \emptyset \notin y,\ \emptyset \notin f\}$, all conditions of the theorem are satisfied.


3      Elimination  of  quantifiers  in  set  theory 

In this section we present a result of elimination of quantifiers in set theory.
Consider the class of formulae in the language $\mathcal{L}$ consisting of

(i) a denumerable infinity of set variables;

(ii) set operators ($\emptyset, \cup, \cap, \setminus, \{\cdot, \ldots, \cdot\}, \mathit{pow}, \mathit{Un}, \times, \ldots$);

(iii) set predicates ($=, \in, \ldots$);

(iv) boolean connectives ($\wedge, \vee, \rightarrow, \neg, \leftrightarrow$);

(v) quantifiers ($\forall, \exists$).

$^1$Given an assignment $A$ over sets, a variable $x$, and a set $s$, by $A[x/s]$ we mean the assignment $B$ such
that $By = Ay$, for all $y \neq x$ and $Bx = s$.

DEFINITION 3.1 A formula $\phi$ in $\mathcal{L}$ is 0-flat if each quantified variable $x$ in $\phi$ appears
only within atoms of type

$$x = t \quad \text{or} \quad x \in t,$$

where $t$ is any term of $\mathcal{L}$ not containing $x$.

Remark. Notice that the preceding definition implies that in a 0-flat formula $\phi$:

(a) no composed term occurring in $\phi$ can contain quantified variables;

(b) if $x \in y$ occurs in $\phi$, then $y$ is free;

(c) if $x = y$ is in $\phi$, then either $x$ or $y$ must be free.

THEOREM 3.2 Let $\phi$ be a 0-flat formula of $\mathcal{L}$. Then there is an algorithm to construct
a quantifier-free formula $\psi$ such that

$$\vdash_{ZF} (\phi \leftrightarrow \psi).$$

Proof. Below is the algorithm:

STEP 1. Bring $\phi$ in prenex normal form (denoted by $\phi_1$).

STEP 2. Let $\phi_2$ be obtained by replacing in $\phi_1$ every universal quantifier $(\forall x)$ by the
expression $\neg(\exists x)\neg$. Let $p$ be the matrix of $\phi_2$ and let $x$ be the innermost quantified
variable (i.e., $(\exists x)p$ is a subformula of $\phi_2$). Bring $p$ into disjunctive normal form

$$(p_{1,1} \wedge \cdots \wedge p_{1,h_1} \wedge p_{1,h_1+1} \wedge \cdots \wedge p_{1,k_1}) \vee \cdots \vee (p_{n,1} \wedge \cdots \wedge p_{n,h_n} \wedge p_{n,h_n+1} \wedge \cdots \wedge p_{n,k_n}),$$

where $x$ does occur in $p_{j,1}, \ldots, p_{j,h_j}$ and does not occur in $p_{j,h_j+1}, \ldots, p_{j,k_j}$, $j = 1, \ldots, n$.

Comment: Notice that

$$\vdash_{ZF} (\exists x)p \leftrightarrow \bigvee_{j=1}^{n} \big((\exists x)(p_{j,1} \wedge \cdots \wedge p_{j,h_j}) \wedge (p_{j,h_j+1} \wedge \cdots \wedge p_{j,k_j})\big).$$

Therefore, for all $j = 1, \ldots, n$, it is enough to construct a quantifier-free
formula $\psi_j$ such that

$$\vdash_{ZF} (\exists x)(p_{j,1} \wedge \cdots \wedge p_{j,h_j}) \leftrightarrow \psi_j.$$

STEP 3. If $x = t$ is one of the conjuncts $p_{j,1}, \ldots, p_{j,h_j}$, then we put

So, assume that no $p_{j,i}$ is of type $x = t$. Let

$$x \in t_1, \ldots, x \in t_{m_1},$$
$$x \notin t_{m_1+1}, \ldots, x \notin t_{m_2},$$
$$x \neq t_{m_2+1}, \ldots, x \neq t_{m_3}$$

be the conjuncts $p_{j,1}, \ldots, p_{j,h_j}$.
Then we put

$$\psi_j = \begin{cases} ((t_1 \cap \cdots \cap t_{m_1}) \setminus (t_{m_1+1} \cup \cdots \cup t_{m_2} \cup \{t_{m_2+1}, \ldots, t_{m_3}\}) \neq \emptyset) & \text{if } m_1 \ge 1 \\ \mathit{true} & \text{if } m_1 = 0 \end{cases}$$

Let $\phi_3$ be the formula obtained by replacing in $\phi_2$ the subformula $(\exists x)p$ by the subformula
$\bigvee_{j=1}^{n} \psi_j$.

Comment: We have $\vdash_{ZF} (\phi_2 \leftrightarrow \phi_3)$. Moreover, $\phi_3$ has one quantifier less
than $\phi_2$ and it is still a 0-flat formula.

By applying repeatedly steps 2 and 3, in a finite number of iterations a quantifier-free
formula $\psi$ is obtained. Then, it follows immediately from the above observations that

$$\vdash_{ZF} (\phi \leftrightarrow \psi).$$


Remark.  If  the  underlying  unquantified  theory  is  decidable,  then  so  is  the  corresponding 
quantified  class  of  0-flat  formulae. 

Example 1: Let $\mathcal{L}_1$ be the language whose set operators are $\emptyset, \cup, \cap, \setminus, \{\cdot, \ldots, \cdot\}, \mathit{pow}$
and whose predicate symbols are $=, \in$. In [3] this theory has been shown to be decidable.
Then the class of 0-flat formulae over $\mathcal{L}_1$ is decidable.

Example 2: Let $\mathcal{L}_2$ be the language whose set operators are $\emptyset, \cup, \cap, \setminus, \mathit{Un}$ and whose
predicate symbols are $=, \in$. In [6] this theory has been shown to be decidable. Then the
class of restricted 0-flat formulae over $\mathcal{L}_2$ is decidable, where a formula is restricted 0-flat
if all quantified variables can occur only within atoms of the form $x \in t$.

3.1      Examples  of  elimination  of  quantifiers 

In  this  subsection  we  show  how  the  algorithm  works  on  two  examples. 

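Example 1: Consider the following formula $\phi$

$$(\forall x)(\exists z)((z \in w \wedge x \notin w) \vee (z \notin w \wedge x \in w)).$$

$\phi$ is already in prenex normal form so the first step of the algorithm can be skipped.
Application of step 2 leads to

$$\neg(\exists x)\neg(\exists z)((z \in w \wedge x \notin w) \vee (z \notin w \wedge x \in w))$$

whose matrix is already in disjunctive normal form. By distributing the existential
quantifier over the disjunction we then get

$$\neg(\exists x)\neg((\exists z)(z \in w \wedge x \notin w) \vee (\exists z)(z \notin w \wedge x \in w)),$$

which is logically equivalent to

$$\neg(\exists x)\neg(((\exists z)(z \in w) \wedge (x \notin w)) \vee ((\exists z)(z \notin w) \wedge (x \in w))).$$

Application of step 3 then produces the formula

$$\neg(\exists x)\neg((w \neq \emptyset \wedge x \notin w) \vee (\mathit{true} \wedge w \neq \emptyset \wedge x \in w)),$$

i.e.,

$$\neg(\exists x)\neg((w \neq \emptyset \wedge x \notin w) \vee x \in w).$$

Bringing in the negation we obtain

$$\neg(\exists x)(\neg(w \neq \emptyset \wedge x \notin w) \wedge x \notin w),$$

i.e.,

$$\neg(\exists x)((w = \emptyset \vee x \in w) \wedge x \notin w),$$

which is obviously logically equivalent to

$$\neg(\exists x)(w = \emptyset \wedge x \notin w).$$

Finally, execution of step 3 gives

$$\neg(w = \emptyset \wedge \mathit{true}),$$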

i.e., 

So  we  can  conclude  that 

$$\vdash_{ZF} (\forall x)(\exists z)((z \in w \wedge x \notin w) \vee (z \notin w \wedge x \in w)) \leftrightarrow w \neq \emptyset.$$

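Example 2: Consider now the following formula $\phi'$

$$(\exists z)(\forall x)((z \in w \wedge x \notin w) \vee (z \notin w \wedge x \in w))$$

(which is obtained from the previous one by simply inverting the order of the quantifiers).
Applying step 2 we get

$$(\exists z)\neg(\exists x)\neg((z \in w \wedge x \notin w) \vee (z \notin w \wedge x \in w)),$$

which is logically equivalent to

$$(\exists z)\neg(\exists x)((z \notin w \vee x \in w) \wedge (z \in w \vee x \notin w)),$$

and also to

$$(\exists z)\neg(\exists x)((z \notin w \wedge x \notin w) \vee (x \in w \wedge z \in w)).$$

Thus by eliminating the quantifier $(\exists x)$, we obtain

$$(\exists z)\neg((z \notin w \wedge \mathit{true}) \vee (w \neq \emptyset \wedge z \in w)),$$

which is logically equivalent to

$$(\exists z)((z \in w) \wedge (w = \emptyset \vee z \notin w))$$

and also to

$$(\exists z)((z \in w \wedge w = \emptyset) \vee (z \in w \wedge z \notin w)).$$

This last formula obviously simplifies to

$$(\exists z)(z \in w \wedge w = \emptyset),$$

so that by applying again steps 2 and 3 we finally get

$$w \neq \emptyset \wedge w = \emptyset \quad (= \mathit{false}).$$

Thus we can conclude that

$$(\exists z)(\forall x)((z \in w \wedge x \notin w) \vee (z \notin w \wedge x \in w))$$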

is  unsatisfiable. 
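The following Python code is an added example, not code from the paper: it applies STEP 3 of the algorithm of Theorem 3.2 to conjuncts whose terms are plain variable names, and checks the quantifier-free result against a direct search for a witness over small hereditarily finite sets. The tuple encoding of literals and all function names are assumptions of the example, and the $x = t$ case of STEP 3 is not covered.

```python
from itertools import product

EMPTY = frozenset()
ONE = frozenset([EMPTY])                 # {∅}
TWO = frozenset([EMPTY, ONE])            # {∅, {∅}}

def eliminate(x, dnf):
    """STEP 3 applied to (exists x) over a DNF whose terms are variable names.

    A literal is (rel, left, right) with rel in {"in", "notin", "neq"}.
    psi_j is returned as ("nonempty", (I, U, S), None), read as
    (∩I) minus (∪U ∪ {S}) ≠ ∅, or as ("true", None, None) when m1 = 0.
    """
    out = []
    for conj in dnf:
        if any(l[2] == x for l in conj):
            raise ValueError("not 0-flat: x occurs on the term side")
        with_x = [l for l in conj if l[1] == x]
        if any(l[0] == "eq" for l in with_x):
            raise NotImplementedError("the x = t case is not covered here")
        inter = tuple(l[2] for l in with_x if l[0] == "in")     # t_1 .. t_m1
        union = tuple(l[2] for l in with_x if l[0] == "notin")  # t_m1+1 .. t_m2
        single = tuple(l[2] for l in with_x if l[0] == "neq")   # t_m2+1 .. t_m3
        if inter:
            psi = ("nonempty", (inter, union, single), None)
        else:
            psi = ("true", None, None)
        out.append([psi] + [l for l in conj if l[1] != x])
    return out

def holds(lit, env):
    """Truth value of one literal under an assignment of frozensets."""
    rel, a, b = lit
    if rel == "true":
        return True
    if rel == "nonempty":
        inter, union, single = a
        core = frozenset.intersection(*(env[t] for t in inter))
        for t in union:
            core -= env[t]
        return bool(core - {env[t] for t in single})
    if rel == "in":
        return env[a] in env[b]
    if rel == "notin":
        return env[a] not in env[b]
    return env[a] != env[b]              # rel == "neq"

def sat(dnf, env):
    return any(all(holds(l, env) for l in conj) for conj in dnf)

def exists_brute(x, dnf, env):
    """Decide (exists x) dnf by search. The pool is complete for these literals:
    a witness is an element of some assigned set, or behaves like `fresh`."""
    pool = set().union(*env.values())
    fresh = EMPTY
    while fresh in pool or fresh in env.values():
        fresh = frozenset([fresh])       # ∅, {∅}, {{∅}}, ... until unused
    pool.add(fresh)
    return any(sat(dnf, {**env, x: s}) for s in pool)

def agree(x, dnf, names, universe=(EMPTY, ONE, TWO)):
    """True if the eliminated formula matches the search on every assignment."""
    reduced = eliminate(x, dnf)
    return all(sat(reduced, dict(zip(names, vals))) ==
               exists_brute(x, dnf, dict(zip(names, vals)))
               for vals in product(universe, repeat=len(names)))

# Inner quantifier (exists z) of Example 1 in Section 3.1.
INNER = [[("in", "z", "w"), ("notin", "x", "w")],
         [("notin", "z", "w"), ("in", "x", "w")]]
# Constructed conjunct using all three literal kinds.
MIXED = [[("in", "x", "a"), ("in", "x", "b"),
          ("notin", "x", "c"), ("neq", "x", "d")]]
```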

Acknowledgement.    This  work  has  been  partially  supported  by  Eni  and  Enidata 
(Bologna,  Italy)  within  the  AXL  project. 

References 

[1] Jech, T., Set Theory. Academic Press, New York (1978).

[2] Ferro, A., Omodeo, E.G., Schwartz, J.T., Decision procedures for elementary sublanguages
of set theory. I. Multilevel syllogistic and some extensions. Comm. Pure
Appl. Math. 33 (1980) 559-608.

[3] Cantone, D.A., A decision procedure for a class of unquantified formulae of set theory
involving the powerset and singleton operators. Ph.D. thesis, Courant Institute
Math. Sci., NYU (Jan. 1987).

[4] Breban, M., Ferro, A., Decision procedures for elementary sublanguages of set theory.
III. Restricted classes of formulae involving the powerset operator and the general
set union operator. Adv. in Appl. Math. 5 (1984).

[5] Cantone, D.A., Ferro, A., Schwartz, J.T., Decision procedures for elementary sublanguages
of set theory. VI. Multilevel Syllogistic extended by the powerset operator.
Comm. Pure Appl. Math., Special Anniversary issue, Vol. XXXVIII (1985) 549-571.

[6] Cantone, D.A., Ferro, A., Schwartz, J.T., Decision procedures for elementary sublanguages
of set theory. V. Multilevel Syllogistic extended by the general union
operator. Journ. Comp. Syst. Sci., Vol. 34, No. 1 (Feb. 1987) 1-18.

[7] Omodeo, E.G., Decidability and proof procedures for set theory with a choice operator.
Ph.D. thesis, Courant Institute of Math. Sci., NYU (1984).

[8] Ferro, A., Omodeo, E.G., Decision procedures for elementary sublanguages of set
theory. VII. Validity in set theory when a choice operator is present. Comm. Pure
Appl. Math., to appear.

[9] Cantone, D.A., Ferro, A., Omodeo, E.G., Decision procedures for elementary sublanguages
of set theory. VIII. A semi decision procedure for finite satisfiability of
unquantified set theoretic formulae. Comm. Pure Appl. Math., to appear.

[10] Cantone, D.A., Schwartz, J.T., Decision procedures for elementary sublanguages of
set theory. XI. Multilevel Syllogistic extended by some elementary map construct.
Submitted to Journal of Symbolic Computation.

[11] Breban, M., Ferro, A., Omodeo, E.G., Schwartz, J.T., Decision procedures for elementary
sublanguages of set theory. II. Formulas involving restricted quantifiers,
together with ordinal, integer, map, and domain notions. Comm. Pure Appl. Math.
34 (1981) 177-195.

[12] Cantone, D.A., Cutello, V., Ferro, A., Decision procedures for elementary sublanguages
of set theory. XIV. Three languages involving rank related constructs. Submitted
to ISSAC-88.


NYU COMPSCI TR-378 c.2

Cantone, D.

Some decidability results on quantified sublanguages of set theory.


